Publication details

Nearly all smartphones and tablets support unlocking with a short user-chosen secret: e.g., a numeric PIN or a pattern. To address users’ tendency to choose guessable PINs and patterns, we compare two approaches for helping users learn assigned random secrets. In one approach, built on our prior work [16], we assign users a second numeric PIN and, during each login, we require them to enter it after their chosen PIN. In a new approach, we re-arrange the digits on the keypad so that the user’s...

This document explains the details of the curve generation algorithms and provides the parameters for the NUMS (Nothing Up My Sleeve) curves. These curves are supported in the MSR Elliptic Curve Cryptography Library (MSR ECCLib).

Publication details

We introduce FourQ, a high-security, high-performance elliptic curve that targets the 128-bit security level. At the highest level, cryptographic scalar multiplications on FourQ can use a four-dimensional Gallant-Lambert-Vanstone decomposition to minimize the total number of elliptic curve group operations. At the group arithmetic level, FourQ admits the use of extended twisted Edwards coordinates and can therefore exploit the fastest known elliptic curve addition formulas over large characteristic...

Publication details

This position paper summarizes our perspectives on the selection of next-generation elliptic curves for standardization. It also contains generation algorithms intended as a foundation for choosing elliptic curves for cryptography in a simple, consistent and rigid way.

Publication details

Theory on passwords has lagged behind practice, where large providers use back-end smarts to survive with imperfect technology. Simplistic models of user and attacker behaviors have led the research community to emphasize the wrong threats. Authentication is a classification problem amenable to machine learning, with many signals in addition to the password available to largeWeb services. Passwords will continue as a useful signal for the foreseeable future, where the goal is

Lattice-based cryptographic primitives are believed to offer resilience against attacks by quantum computers. We demonstrate the practicality of post-quantum key exchange by constructing ciphersuites for the Transport Layer Security (TLS) protocol that provide key exchange based on the ring learning with errors (R-LWE) problem; we accompany these ciphersuites with a rigorous proof of security. Our approach ties lattice-based key exchange together...

Immersive experiences that mix digital and real-world objects are becoming reality, but they raise serious privacy concerns as they require real-time sensor input. These experiences are already present on smartphones and game consoles via Kinect, and will eventually emerge on the web platform. However, browsers do not expose the display interfaces needed to render immersive experiences. Previous security research focuses on controlling application access to sensor input alone, and do not deal...

Cloud computing sparked interest in Verifiable Computation protocols, which allow a weak client to securely outsource computations to remote parties. Recent work has dramatically reduced the client's cost to verify the correctness of their results, but the overhead to produce proofs remains largely impractical.

In this paper, we advocate “activity” to be a central abstraction between people and computing instead of applications. We outline the vision of the activity platform as the next-generation social platform.

Publication details

An item of your personal information is inversely private if some party has access to it but you do not. We analyze the provenance of inversely private information and its rise to dominance over other kinds of personal information. In a nutshell, the inverse privacy problem is unjustified inaccessibility to you of your inversely private information. We believe that the inverse privacy problem has a market-based solution.

Publication details

The presence of large numbers of security vulnerabilities in popular feature-rich commodity operating systems has inspired a long line of work on excluding these operating systems from the trusted computing base of applications, while retaining many of their benefits. Legacy applications continue to run on the untrusted operating system, while a small hypervisor or trusted hardware prevents the operating system from accessing the applications’ memory.

The prevalence of security flaws in multiparty online services (e.g., single-sign-on, third-party payment, etc.) calls for rigorous engineering supported by formal program verification. However, the adoption of program verification faces several hurdles in the real world: how to formally specify logic properties given that protocol specifications are often informal and vague; how to precisely model the attacker and the runtime platform; how to deal with the unbounded set of all potential...

Security testing and reviewing efforts are a necessity for software projects, but are time-consuming and expensive to apply. Identifying vulnerable code supports decision-making during all phases of software development. An approach for identifying vulnerable code is to identify its attack surface, the sum of all paths for untrusted data into and out of a system. Identifying the code that lies on the attack surface requires expertise and significant manual effort. This paper proposes an...

We select a set of elliptic curves for cryptography and analyze our selection from a performance and security perspective. This analysis complements recent curve proposals that suggest (twisted) Edwards curves by also considering the Weierstrass model. Working with both Montgomery-friendly and pseudo-Mersenne primes allows us to consider more possibilities which help to improve the overall efficiency of base field arithmetic. Our Weierstrass...

We present VC3, the first system that allows users to run distributed MapReduce computations in the cloud while keeping their code and data secret, and ensuring the correctness and completeness of their results. VC3 runs on unmodified Hadoop, but crucially keeps Hadoop, the operating system and the hypervisor out of the TCB; thus, confidentiality and integrity are preserved even if these large components are compromised. VC3 relies on SGX processors to isolate memory regions on individual computers, and...

Publication details

This document extends the U-Prove Cryptographic Specification by specifying an efficient revocation mechanism based on a dynamic accumulator. This scheme requires a designated verifier that shares the Revocation Authority’s private key. Unlike many accumulator schemes based on bilinear pairings, this scheme is built using a prime-order group and is therefore suitable for system that require standard constructions used in the U-Prove protocol.

The regulatory climate is in a process of change. Design, having been implicated for some time, is now explicitly linked to law. This paper recognises the heightened role of designers in the regulation of ambient interactive technologies. Taking account of incumbent legal requirements is difficult. Legal rules are convoluted, uncertain, and not geared towards operationalisable heuristics or development guidelines for system designers. Privacy and data protection are a particular moral, social and legal...

Attackers often create systems that automatically rewrite and reorder their malware to avoid detection. Typical machine learning approaches, which learn a classifier based on a handcrafted feature vector, are not sufficiently robust to such reorderings. We propose a different approach, which, similar to natural language modeling, learns the language of malware spoken through the executed instructions and extracts robust, time domain features. Echo state networks (ESNs) and recurrent neural networks...

Cipherbase is a comprehensive database system that provides strong end-to-end data confidentiality through encryption. Cipherbase is based on a novel architecture that combines an industrial strength database engine (SQL Server) with lightweight processing over encrypted data that is performed in secure hardware. Cipherbase has the smallest trusted computing base (TCB) among comparable systems and provides significant benefits over the state-of-the-art in terms of security, performance, and...

Publication details

While Microsoft product teams have adopted defect prediction models, they have not adopted vulnerability prediction models (VPMs). Seeking to understand this discrepancy, we replicated a VPM for two releases of the Windows Operating System, varying model granularity and statistical learners. We reproduced binary-level prediction precision (~0.75) and recall (~0.2). However, binaries often exceed 1 million lines of code, too large to practically inspect, and engineers expressed preference for source file...

Publication details

This document describes ANTP, an authentication protocol designed to be built over the Network Time Protocol operating in client/server mode. ANTP's design meets the requirements of NTP and the Security Requirements of Time Protocols in Packet-Switched Networks, a TICTOC Working Draft. In particular, the server does not need to keep per-client state, and the authentication steps does not degrade timestamp accuracy when compared to unauthenticated NTP. This specification is
meant to accompany a paper...

Publication details

In recent years, the drive-by malware space has undergone significant consolidation. Today, the most common source of drive-by downloads are the so-called exploit kits. Exploit kits signify a drastic consolidation of the process of malware creation and delivery. This paper presents Kizzle, the first prevention technique specifically designed for finding exploit kits.

Our analysis of exploit kits shows that while the actual JavaScript delivered by kits varies greatly, the code observed after it is...

Publication details

We study the feasibility of leveraging the sensors embedded on mobile devices to enable a user authentication mechanism that is easy for users to perform, but hard for attackers to bypass. The proposed approach lies on the fact that users perform gestures in a unique way that depends on how they hold the phone, and on their hand's geometry, size, and flexibility. Based on this observation, we introduce two new unlock gestures that have been designed to enable the phone's embedded sensors to properly...